The other day I learned about the Rust crate lexopt which describes itself as, A pathologically simple command line argument parser. Most argument parsers are declarative: you tell them what to parse, and they do it. This one provides you with a stream of options and values and lets you figure out the rest. For “pathologically simple” I still...
I commented on Lobsters that /tmp is usually a bad idea, which caused some surprise. I suppose /tmp security bugs were common in the 1990s when I was learning Unix, but they are pretty rare now so I can see why less grizzled hackers might not be familiar with the problems. I guess that’s some kind of success, but sadly the fixes have left behind...
A couple of notable things have happened in recent months: There is a new edition of POSIX for 2024. There’s lots of good stuff in it, but today I am writing about getentropy() which is the first officially standardized POSIX API for getting cryptographically secure random numbers. On Linux the getentropy(3) function is based on the getrandom(2)...
Following my previous post on rate limiting with GCRA, leaky buckets without the buckets, I reviewed my old notes on rate limiting for Exim. I thought I should do a new write-up of the ideas that I hope will be more broadly interesting. Exponential rate limiting uses an exponentially-weighted moving average to measure the client’s rate. It is...
Yesterday I read an article describing the GCRA rate limiting algorithm. I thought it was really interesting, but I wasn’t entirely satisfied with Brandur’s explanation, and the Wikipedia articles on leaky buckets and GCRA are terrible, so here’s my version. what is GCRA? GCRA is the “generic cell rate algorithm”, a rate-limiting algorithm that...
Yesterday there was some discussion on the Orange Site about whether or not C is Turing complete. The consensus in the StackOverflow question is, no, because the C abstract machine is a (large) finite state machine, or maybe yes, if you believe that unaddressable local variables can exist outside the finite address space, and you can have an...
I’m pleased that so many people enjoyed my previous blog post on tolower() with AVX-512. Thanks for all the great comments and discussion! One aspect that needed more work was examining the performance for small strings. The previous blog post had a graph for strings up to about 1000 bytes long, mainly because it illustrated some curious...
A couple of years ago I wrote about tolower() in bulk at speed using SWAR tricks. A couple of days ago I was interested by Olivier Giniaux’s article about unsafe read beyond of death, an optimization for handling small strings with SIMD instructions, for a fast hash function written in Rust. I’ve long been annoyed that SIMD instructions can...
Semaphores are one of the oldest concurrency primitives in computing, invented over 60 years ago. They are weird: usually the only numbers of concurrent processes we care about are zero, one, or many – but semaphores deal with those fussy finite numbers in between. Yesterday I was writing code that needed to control the number of concurrent...
a blog post for international RNG day Lemire’s nearly-divisionless algorithm unbiased bounded random numbers has a fast path and a slow path. In the fast path it gets a random number, does a multiplication, and a comparison. In the rarely-taken slow path, it calculates a remainder (the division) and enters a rejection sampling loop. When Lemire’s...
I have made a new release of nsnotifyd, a tiny DNS server that just listens for NOTIFY messages and runs a script when one of your zones changes. This nsnotifyd-2.1 release includes a few bugfixes: more lenient handling of trailing . in domain names on the command line avoid dividing by zero when the refresh interval is less than 10 seconds do...
Yesterday I received a bug report for regpg, my program that safely stores server secrets encrypted with gpg so they can be commited to a git repository. The bug was that I used the classic shell pipeline find | xargs grep with the classic Unix “who would want spaces in filenames?!” flaw. I have pushed a new release, regpg-1.12, containing the...
In the C preprocessor, after a macro has been expanded the result is rescanned for further macros. To prevent recursion, [the C standard][n3220] says the following in section 6.10.5.4p2. (This text has been basically the same since C89.) If the name of the macro being replaced is found during this scan of the replacement list (not including the...
There are a couple of version control commands that deserve wider appreciation: SCCS what and RCS ident. They allow you to find out what source a binary was built from, without having to run it – handy if it is a library! They basically scan a file looking for magic strings that contain version control metadata and print out what they discover....
Here are some notes on migrating a signed zone from BIND’s old auto-dnssec to its new dnssec-policy. I have been procrastinating this migration for years, and I avoided learning anything much about dnssec-policy until this month. I’m writing this from the perspective of a DNS operator rather than a BIND hacker. migrating from auto-dnssec risks to...
Here are some miscellaneous unsorted notes about BIND9’s dnssec-policy that turned out not to be useful in my previous blog posts, but which some readers might find informative. Some of them I learned the hard way, so I hope I can make it easier for others! contents of key files changes to key files fast timers? parental agents This is the third...
Here are some notes about using BIND’s new-ish dnssec-policy feature to sign a DNS zone that is currently unsigned. I am in the process of migrating my DNS zones from BIND’s old auto-dnssec to its new dnssec-policy, and writing a blog post about it. These introductory sections grew big enough to be worth pulling out into a separate article. what...
As is typical for static site generators, each page on this web site is generated from a file containing markdown with YAML frontmatter. Neither markdown nor YAML are good. Markdown is very much the worse-is-better of markup languages; YAML, on the other hand, is more like better-is-worse. YAML has too many ways of expressing the same things, and...
My opinion is not mainstream, but I think if you really examine the practices and security processes that use and recommend sudo, the reasons for using it are mostly bullshit. When I started my career in the late 1990s, I was already aware of really(8) and userv because one of my friends wrote them. As tools they embody criticisms of sudo’s...
Our net connection at home is not great: amongst its several misfeatures is a lack of IPv6. Yesterday I (at last!) got around to setting up a wireguard IPv6 VPN tunnel between my workstation and my Mythic Beasts virtual private server. There were a few, um, learning opportunities. incorrect ideas I made a couple of wrong assumptions about the...
After an extremely long hiatus, I have resurrected my link log. As well as its web page, https://dotat.at/:/, my link log is shared via: an Atom feed https://dotat.at/:/feed.atom the fediverse https://mendeddrum.org/@fanf Dreamwidth https://dotaturls-feed.dreamwidth.org/profile The Dreamwidth feed has not caught this afternoon’s newly added...
Back in December, George Michaelson posted an item on the APNIC blog titled “That OSI model refuses to die”, in reaction to Robert Graham’s “OSI Deprogrammer” published in September. I had discussed the OSI Deprogrammer on Lobsters, and George’s blog post prompted me to write an email. He and I agreed that I should put it on my blog, but I did...
In my previous entry I wrote about constructing a four-point egg, using curcular arcs that join where their tangents are at 45°. I wondered if I could do something similar with ellipses. As before, I made an interactive ellipse workbench to experiment with the problem. I got something working, but I have questions… What I wanted to do is swing a...
For reasons beyond the scope of this entry, I have been investigating elliptical and ovoid shapes. The Wikipedia article for Moss’s egg has a link to a tutorial on Euclidean Eggs by Freyja Hreinsdóttir which (amongst other things) describes how to construct the “four point egg”. I think it is a nicer shape than Moss’s egg. Freyja’s construction...